I think I misinterpreted the assignment. 🤡
- Have the compromised client periodically call out/launch
  - make the program sleep for 2 minutes in a loop if it couldn't connect
- Provide a remote shell
  - once they've connected, have the client stay awake and listen
  - hide behind a commonly used process name or try to change the name in the kernel? to make it not appear. Could also have the program run this before actually trying to connect for the first time
  - HOW DO I DO THIS AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- Persist if the machine reboots
  - store in memory
  - https://www.howtogeek.com/687970/how-to-run-a-linux-program-at-startup-with-systemd/
  - Rootkit: can modify system files, kernel modules, or boot processes to conceal malicious processes and network connections. Advanced rootkits may employ techniques such as kernel-level hooking, process hiding, and memory manipulation to evade detection by security tools.
- Process Injection
- Configuration for testing
  - edit the source code. create them as variables at the top of the files
- Authenticate communication
  - chp 9 of the book I found
  - check it works with firewalls!
  - https://nitratine.net/blog/post/asymmetric-encryption-and-decryption-in-python/
- Hide from detection
  - wipe out system logs in /var/log
  - process hiding (process list) rootkit
  - sleep to avoid lots of network traffic
- Extra credit script
  - something?
Making the C version.
- maybe draw an outline, add in pictures
- do it SSH-style
- EITHER store it on disk as a binary
- OR have it in a cron job
- OR find a way to keep it in memory, e.g. modify bootup (UEFI?) so that it cURLs from a server
- abnormal network traffic; ask others for advice!
- asymmetric encryption? it'll take much longer
- any commands originating from ccat must be obfuscated in files and process lists
- stretch: how to hide network traffic?
- Tripwire
- network traffic (Wireshark, maybe Burp?)
- not sure what else. ask for advice to make it more advanced